ruby_smb 3.1.4 → 3.1.7
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +3 -1
- data/.github/workflows/verify.yml +27 -4
- data/README.md +0 -1
- data/lib/ruby_smb/client/authentication.rb +17 -2
- data/lib/ruby_smb/client.rb +10 -1
- data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_response.rb +21 -0
- data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_response.rb +21 -0
- data/lib/ruby_smb/dcerpc/dfsnm.rb +84 -0
- data/lib/ruby_smb/dcerpc/error.rb +24 -0
- data/lib/ruby_smb/dcerpc/fault.rb +83 -0
- data/lib/ruby_smb/dcerpc/ndr.rb +19 -8
- data/lib/ruby_smb/dcerpc/request.rb +21 -11
- data/lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb +5 -0
- data/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_response.rb +24 -0
- data/lib/ruby_smb/dcerpc/samr/samr_delete_user_request.rb +21 -0
- data/lib/ruby_smb/dcerpc/samr/samr_delete_user_response.rb +22 -0
- data/lib/ruby_smb/dcerpc/samr/samr_enumerate_domains_in_sam_server_request.rb +25 -0
- data/lib/ruby_smb/dcerpc/samr/samr_enumerate_domains_in_sam_server_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/samr/samr_enumerate_users_in_domain_response.rb +0 -31
- data/lib/ruby_smb/dcerpc/samr/samr_get_alias_membership_response.rb +1 -14
- data/lib/ruby_smb/dcerpc/samr/samr_lookup_names_in_domain_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/samr/samr_lookup_names_in_domain_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/samr/samr_set_information_user2_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/samr/samr_set_information_user2_response.rb +21 -0
- data/lib/ruby_smb/dcerpc/samr.rb +453 -83
- data/lib/ruby_smb/dcerpc.rb +2 -0
- data/lib/ruby_smb/error.rb +21 -11
- data/lib/ruby_smb/signing.rb +2 -0
- data/lib/ruby_smb/smb1/pipe.rb +6 -1
- data/lib/ruby_smb/smb2/pipe.rb +6 -2
- data/lib/ruby_smb/version.rb +1 -1
- data/spec/lib/ruby_smb/client_spec.rb +1 -0
- data/spec/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_request_spec.rb +57 -0
- data/spec/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_response_spec.rb +34 -0
- data/spec/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_request_spec.rb +49 -0
- data/spec/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_response_spec.rb +34 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_request_spec.rb +69 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_response_spec.rb +69 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_delete_user_request_spec.rb +42 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_delete_user_response_spec.rb +51 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_enumerate_domains_in_sam_server_request_spec.rb +60 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_enumerate_domains_in_sam_server_response_spec.rb +75 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_enumerate_users_in_domain_response_spec.rb +0 -195
- data/spec/lib/ruby_smb/dcerpc/samr/samr_lookup_names_in_domain_request_spec.rb +62 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_lookup_names_in_domain_response_spec.rb +54 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_set_information_user2_request_spec.rb +67 -0
- data/spec/lib/ruby_smb/dcerpc/samr/samr_set_information_user2_response_spec.rb +35 -0
- data/spec/lib/ruby_smb/dcerpc/samr_spec.rb +194 -0
- data/spec/spec_helper.rb +6 -8
- data/spec/support/openssl.conf +14 -0
- data.tar.gz.sig +0 -0
- metadata +48 -2
- metadata.gz.sig +0 -0
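--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2709740a324a2a43861b70704a20c07ad3302390e40ad2cb2b19aa4574e1718c
+data.tar.gz: 9a4e4d4e59ae52a67b02f098c4610137182e5ff2cb4106a5d710c5b9e5d0de44
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 00004e2a2b38ebdf190ec39bdf6abc27607ac227d705b4e5f7943737a3119ad13102ddf3884bfb697b3f7bca9ec29b45db2a0554811fd41f8e67a9bd96463244
+data.tar.gz: 677c779a105a0a8c478923e784500c0b9ec1710d9d332a87e4967a372987c3abb86a054254b0ec4ed2e7b4ad11527fa4c3fcc9fb233df92108f8700d3bb21d93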
checksums.yaml.gz.sig
CHANGED
@@ -1,5 +1,21 @@
|
|
1
1
|
name: Verify
|
2
2
|
|
3
|
+
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
|
4
|
+
permissions:
|
5
|
+
actions: none
|
6
|
+
checks: none
|
7
|
+
contents: none
|
8
|
+
deployments: none
|
9
|
+
id-token: none
|
10
|
+
issues: none
|
11
|
+
discussions: none
|
12
|
+
packages: none
|
13
|
+
pages: none
|
14
|
+
pull-requests: none
|
15
|
+
repository-projects: none
|
16
|
+
security-events: none
|
17
|
+
statuses: none
|
18
|
+
|
3
19
|
on:
|
4
20
|
push:
|
5
21
|
branches:
|
@@ -10,7 +26,7 @@ on:
|
|
10
26
|
|
11
27
|
jobs:
|
12
28
|
test:
|
13
|
-
runs-on:
|
29
|
+
runs-on: ${{ matrix.os }}
|
14
30
|
timeout-minutes: 40
|
15
31
|
|
16
32
|
strategy:
|
@@ -19,15 +35,22 @@ jobs:
|
|
19
35
|
ruby:
|
20
36
|
- 2.6
|
21
37
|
- 2.7
|
22
|
-
- 3.0
|
23
|
-
- 3.1
|
38
|
+
- 3.0
|
39
|
+
- 3.1
|
40
|
+
os:
|
41
|
+
- ubuntu-18.04
|
42
|
+
- ubuntu-22.04
|
43
|
+
exclude:
|
44
|
+
- { os: ubuntu-22.04, ruby: 2.6 }
|
45
|
+
- { os: ubuntu-22.04, ruby: 2.7 }
|
46
|
+
- { os: ubuntu-22.04, ruby: 3.0 }
|
24
47
|
test_cmd:
|
25
48
|
- bundle exec rspec
|
26
49
|
|
27
50
|
env:
|
28
51
|
RAILS_ENV: test
|
29
52
|
|
30
|
-
name: Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
|
53
|
+
name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
|
31
54
|
steps:
|
32
55
|
- name: Checkout code
|
33
56
|
uses: actions/checkout@v2
|
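Review bot: The new top-level `permissions:` block sets `contents: none`, yet the job still starts with the `Checkout code` step shown in the last hunk; that presumably works only while the repository is public, and `contents: read` is the minimum the checkout action documents. Any scope left out of a `permissions:` block is already set to none, so the thirteen explicit `none` entries could shrink to `permissions:` followed by `contents: read`. The `uses: actions/checkout@v2` context line is a mutable tag; pinning it to a full commit SHA would complete the hardening this change starts. The steps list continues outside the hunk.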
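--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,6 @@
 # RubySMB
 
 [](https://codeclimate.com/github/rapid7/ruby_smb)
-[](https://coveralls.io/github/rapid7/ruby_smb?branch=master)
 
 This is a native Ruby implementation of the SMB Protocol Family. It currently supports:
 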
@@ -80,7 +80,7 @@ module RubySMB
|
|
80
80
|
type2_b64_message = smb1_type2_message(challenge_packet)
|
81
81
|
type3_message = @ntlm_client.init_context(type2_b64_message)
|
82
82
|
|
83
|
-
@session_key = @ntlm_client.session_key
|
83
|
+
@application_key = @session_key = @ntlm_client.session_key
|
84
84
|
challenge_message = @ntlm_client.session.challenge_message
|
85
85
|
store_target_info(challenge_message.target_info) if challenge_message.has_flag?(:TARGET_INFO)
|
86
86
|
@os_version = extract_os_version(challenge_message.os_version.to_s) unless challenge_message.os_version.empty?
|
@@ -210,7 +210,7 @@ module RubySMB
|
|
210
210
|
type2_b64_message = smb2_type2_message(challenge_packet)
|
211
211
|
type3_message = @ntlm_client.init_context(type2_b64_message)
|
212
212
|
|
213
|
-
@session_key = @ntlm_client.session_key
|
213
|
+
@application_key = @session_key = @ntlm_client.session_key
|
214
214
|
challenge_message = ntlm_client.session.challenge_message
|
215
215
|
store_target_info(challenge_message.target_info) if challenge_message.has_flag?(:TARGET_INFO)
|
216
216
|
@os_version = extract_os_version(challenge_message.os_version.to_s) unless challenge_message.os_version.empty?
|
@@ -227,6 +227,21 @@ module RubySMB
|
|
227
227
|
# disable encryption when necessary
|
228
228
|
@session_encrypt_data = false
|
229
229
|
end
|
230
|
+
|
231
|
+
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/7fd079ca-17e6-4f02-8449-46b606ea289c
|
232
|
+
if @dialect == '0x0300' || @dialect == '0x0302'
|
233
|
+
@application_key = RubySMB::Crypto::KDF.counter_mode(
|
234
|
+
@session_key,
|
235
|
+
"SMB2APP\x00",
|
236
|
+
"SmbRpc\x00"
|
237
|
+
)
|
238
|
+
else
|
239
|
+
@application_key = RubySMB::Crypto::KDF.counter_mode(
|
240
|
+
@session_key,
|
241
|
+
"SMBAppKey\x00",
|
242
|
+
@preauth_integrity_hash_value
|
243
|
+
)
|
244
|
+
end
|
230
245
|
# otherwise, leave encryption to the default value that it was initialized to
|
231
246
|
end
|
232
247
|
######
|
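Review bot: In the last hunk the `else` branch derives the application key with the `SMBAppKey` label and `@preauth_integrity_hash_value` for every dialect other than `'0x0300'` and `'0x0302'`, which is only correct for 3.1.1. The enclosing condition starts outside the hunk and may already restrict this code to SMB3, but an explicit `elsif @dialect == '0x0311'` with a final `else` that raises would stop an unexpected dialect from silently getting a key built on a nil or stale pre-auth hash. The inserted block also separates the `# otherwise, leave encryption to the default value …` comment from the `if`/`end` it describes; placing the derivation after that comment would keep the comment attached to its branch.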
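--- a/data/lib/ruby_smb/client.rb
+++ b/data/lib/ruby_smb/client.rb
@@ -54,6 +54,13 @@ module RubySMB
 # The default maximum size of a SMB message that the Server accepts (in bytes)
 SERVER_MAX_BUFFER_SIZE = 4356
 
+# The application key. After authenticating to the remote server, this value is the session key for dialects less
+# than version 3 and a unique value for v3 dialects. See:
+# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/901ae284-31d3-4ea1-ae8a-766fc8bfe00e
+# @!attribute [rw] application_key
+# @return [String]
+attr_accessor :application_key
+
 # The dispatcher responsible for sending packets
 # @!attribute [rw] dispatcher
 # @return [RubySMB::Dispatcher::Socket]
@@ -288,7 +295,7 @@ module RubySMB
 attr_accessor :negotiated_smb_version
 
 # Whether or not the server supports multi-credit operations. It is
-# reported by the LARGE_MTU
+# reported by the LARGE_MTU capability as part of the negotiation process
 # (SMB 2.x and 3.x).
 # @!attribute [rw] server_supports_multi_credit
 # @return [Boolean] true if the server supports multi-credit operations,
@@ -319,6 +326,7 @@ module RubySMB
 @sequence_counter = 0
 @session_id = 0x00
 @session_key = ''
+@application_key = ''
 @session_is_guest = false
 @signing_required = false
 @smb1 = smb1
@@ -623,6 +631,7 @@ module RubySMB
 def wipe_state!
 self.session_id = 0x00
 self.user_id = 0x00
+self.application_key = ''
 self.session_key = ''
 self.session_is_guest = false
 self.sequence_counter = 0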
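Review bot: `attr_accessor :application_key` in the first hunk exposes derived key material through a public, writable accessor, and the YARD text does not say that the value is secret. A line such as `# Secret key material derived from the session key; never log or persist it.` above `@!attribute` would make that explicit for callers. `wipe_state!` in the last hunk assigns a fresh `''`, which drops the reference but does not overwrite the old key bytes; that matches the existing `session_key` handling, so any change there would have to cover both attributes.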
@@ -0,0 +1,24 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Dfsnm
|
4
|
+
|
5
|
+
# [3.1.4.4.1 NetrDfsAddStdRoot (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/b18ef17a-7a9c-4e22-b1bf-6a4d07e87b2d)
|
6
|
+
class NetrDfsAddStdRootRequest < BinData::Record
|
7
|
+
attr_reader :opnum
|
8
|
+
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
ndr_conf_var_wide_stringz :server_name
|
12
|
+
ndr_conf_var_wide_stringz :root_share
|
13
|
+
ndr_conf_var_wide_stringz :comment
|
14
|
+
ndr_uint32 :api_flags
|
15
|
+
|
16
|
+
def initialize_instance
|
17
|
+
super
|
18
|
+
@opnum = NETR_DFS_ADD_STD_ROOT
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Dfsnm
|
4
|
+
|
5
|
+
# [3.1.4.4.1 NetrDfsAddStdRoot (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/b18ef17a-7a9c-4e22-b1bf-6a4d07e87b2d)
|
6
|
+
class NetrDfsAddStdRootResponse < BinData::Record
|
7
|
+
attr_reader :opnum
|
8
|
+
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
ndr_uint32 :error_status
|
12
|
+
|
13
|
+
def initialize_instance
|
14
|
+
super
|
15
|
+
@opnum = NETR_DFS_ADD_STD_ROOT
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Dfsnm
|
4
|
+
|
5
|
+
# [3.1.4.4.2 NetrDfsRemoveStdRoot (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/e9da023d-554a-49bc-837a-69f22d59fd18)
|
6
|
+
class NetrDfsRemoveStdRootRequest < BinData::Record
|
7
|
+
attr_reader :opnum
|
8
|
+
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
ndr_conf_var_wide_stringz :server_name
|
12
|
+
ndr_conf_var_wide_stringz :root_share
|
13
|
+
ndr_uint32 :api_flags
|
14
|
+
|
15
|
+
def initialize_instance
|
16
|
+
super
|
17
|
+
@opnum = NETR_DFS_REMOVE_STD_ROOT
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Dfsnm
|
4
|
+
|
5
|
+
# [3.1.4.4.2 NetrDfsRemoveStdRoot (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/e9da023d-554a-49bc-837a-69f22d59fd18)
|
6
|
+
class NetrDfsRemoveStdRootResponse < BinData::Record
|
7
|
+
attr_reader :opnum
|
8
|
+
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
ndr_uint32 :error_status
|
12
|
+
|
13
|
+
def initialize_instance
|
14
|
+
super
|
15
|
+
@opnum = NETR_DFS_REMOVE_STD_ROOT
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,84 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Dfsnm
|
4
|
+
|
5
|
+
UUID = '4fc742e0-4a10-11cf-8273-00aa004ae673'
|
6
|
+
VER_MAJOR = 3
|
7
|
+
VER_MINOR = 0
|
8
|
+
|
9
|
+
# Operation numbers
|
10
|
+
NETR_DFS_ADD_STD_ROOT = 0x000c
|
11
|
+
NETR_DFS_REMOVE_STD_ROOT = 0x000d
|
12
|
+
|
13
|
+
require 'ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_request'
|
14
|
+
require 'ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_response'
|
15
|
+
require 'ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_request'
|
16
|
+
require 'ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_response'
|
17
|
+
|
18
|
+
# Create a new stand-alone DFS namespace.
|
19
|
+
#
|
20
|
+
# @param server_name [String] The host name of the DFS root target.
|
21
|
+
# @param root_share [String] The DFS root target share name.
|
22
|
+
# @param comment [String] A comment associated with the DFS namespace.
|
23
|
+
# @return nothing is returned on success
|
24
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
|
25
|
+
# NetrDfsAddStdRootResponse packet
|
26
|
+
# @raise [RubySMB::Dcerpc::Error::DfsnmError] if the response error status
|
27
|
+
# is not ERROR_SUCCESS
|
28
|
+
def netr_dfs_add_std_root(server_name, root_share, comment: '')
|
29
|
+
netr_dfs_add_std_root_request = NetrDfsAddStdRootRequest.new(
|
30
|
+
server_name: server_name,
|
31
|
+
root_share: root_share,
|
32
|
+
comment: comment
|
33
|
+
)
|
34
|
+
response = dcerpc_request(netr_dfs_add_std_root_request)
|
35
|
+
begin
|
36
|
+
netr_dfs_add_std_root_response = NetrDfsAddStdRootResponse.read(response)
|
37
|
+
rescue IOError
|
38
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading NetrDfsAddStdRootResponse'
|
39
|
+
end
|
40
|
+
unless netr_dfs_add_std_root_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
41
|
+
status_code = WindowsError::Win32.find_by_retval(netr_dfs_add_std_root_response.error_status.value).first
|
42
|
+
raise RubySMB::Dcerpc::Error::DfsnmError.new(
|
43
|
+
"Error returned with netr_dfs_add_std_root: #{status_code}",
|
44
|
+
status_code: status_code
|
45
|
+
)
|
46
|
+
end
|
47
|
+
|
48
|
+
nil
|
49
|
+
end
|
50
|
+
|
51
|
+
# Delete the specified stand-alone DFS namespace.
|
52
|
+
#
|
53
|
+
# @param server_name [String] The host name of the DFS root target.
|
54
|
+
# @param root_share [String] The DFS root target share name.
|
55
|
+
# @return nothing is returned on success
|
56
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
|
57
|
+
# NetrDfsRemoveStdRootResponse packet
|
58
|
+
# @raise [RubySMB::Dcerpc::Error::DfsnmError] if the response error status
|
59
|
+
# is not ERROR_SUCCESS
|
60
|
+
def netr_dfs_remove_std_root(server_name, root_share)
|
61
|
+
netr_dfs_remove_std_root_request = NetrDfsRemoveStdRootRequest.new(
|
62
|
+
server_name: server_name,
|
63
|
+
root_share: root_share
|
64
|
+
)
|
65
|
+
response = dcerpc_request(netr_dfs_remove_std_root_request)
|
66
|
+
begin
|
67
|
+
netr_dfs_remove_std_root_response = NetrDfsRemoveStdRootResponse.read(response)
|
68
|
+
rescue IOError
|
69
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading NetrDfsRemoveStdRootResponse'
|
70
|
+
end
|
71
|
+
unless netr_dfs_remove_std_root_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
72
|
+
status_code = WindowsError::Win32.find_by_retval(netr_dfs_remove_std_root_response.error_status.value).first
|
73
|
+
raise RubySMB::Dcerpc::Error::DfsnmError.new(
|
74
|
+
"Error returned with netr_dfs_remove_std_root: #{status_code}",
|
75
|
+
status_code: status_code
|
76
|
+
)
|
77
|
+
end
|
78
|
+
|
79
|
+
nil
|
80
|
+
end
|
81
|
+
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
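Review bot: When the server returns a Win32 status that `WindowsError::Win32.find_by_retval` does not recognise, `.first` presumably yields nil in `netr_dfs_add_std_root`, so the `DfsnmError` is raised with an empty status in its message and no `status_code`, and the numeric value is lost. `netr_dfs_remove_std_root` repeats the same pattern. Falling back to the raw value keeps the failure diagnosable, for example by interpolating `status_code || format('0x%08x', netr_dfs_add_std_root_response.error_status.value)` into the message. Neither method sets `api_flags`, and the `@param` lists do not say that it is left at its default.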
@@ -13,6 +13,19 @@ module RubySMB
|
|
13
13
|
# Raised when an invalid packet is received
|
14
14
|
class InvalidPacket < DcerpcError; end
|
15
15
|
|
16
|
+
# Raised when a fault response is received
|
17
|
+
class FaultError < InvalidPacket
|
18
|
+
attr_reader :status_code
|
19
|
+
def initialize(message=nil, status:)
|
20
|
+
@status_code = status
|
21
|
+
super(message)
|
22
|
+
end
|
23
|
+
|
24
|
+
def status_name
|
25
|
+
RubySMB::Dcerpc::Fault::Status.name(@status_code)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
16
29
|
# Raised when an error is returned during a Winreg operation
|
17
30
|
class WinregError < DcerpcError; end
|
18
31
|
|
@@ -33,6 +46,17 @@ module RubySMB
|
|
33
46
|
|
34
47
|
# Raised when an error is returned during a Epm operation
|
35
48
|
class EpmError < DcerpcError; end
|
49
|
+
|
50
|
+
# Raised when an error is returned during a Dfsnm operation
|
51
|
+
class DfsnmError < DcerpcError
|
52
|
+
include RubySMB::Error::UnexpectedStatusCode::Mixin
|
53
|
+
|
54
|
+
def initialize(msg, status_code: nil)
|
55
|
+
self.status_code = status_code unless status_code.nil?
|
56
|
+
|
57
|
+
super(msg)
|
58
|
+
end
|
59
|
+
end
|
36
60
|
end
|
37
61
|
end
|
38
62
|
end
|
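Review bot: `FaultError#initialize` takes a required `status:` keyword and stores it in `@status_code`, while `DfsnmError#initialize` in the second hunk takes `status_code:`; one keyword name for both, `status_code:`, would let callers construct and inspect the two error classes the same way. `FaultError` also subclasses `InvalidPacket`, so existing `rescue InvalidPacket` clauses will now receive server fault responses; if that is deliberate, a comment such as `# Subclasses InvalidPacket so existing rescue clauses keep working` would record it. `status_name` returns nil for a status that `Fault::Status` does not list, which a `# @return [Symbol, nil]` tag should state.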
@@ -0,0 +1,83 @@
|
|
1
|
+
module RubySMB::Dcerpc::Fault
|
2
|
+
module Status
|
3
|
+
# DCERPC
|
4
|
+
NCA_S_FAULT_OTHER = 0x00000001
|
5
|
+
NCA_S_FAULT_ACCESS_DENIED = 0x00000005
|
6
|
+
NCA_S_FAULT_NDR = 0x000006F7
|
7
|
+
NCA_S_FAULT_CANT_PERFORM = 0x000006D8
|
8
|
+
NCA_S_FAULT_INT_DIV_BY_ZERO = 0x1C000001
|
9
|
+
NCA_S_FAULT_ADDR_ERROR = 0x1C000002
|
10
|
+
NCA_S_FAULT_FP_DIV_ZERO = 0x1C000003
|
11
|
+
NCA_S_FAULT_FP_UNDERFLOW = 0x1C000004
|
12
|
+
NCA_S_FAULT_FP_OVERFLOW = 0x1C000005
|
13
|
+
NCA_S_FAULT_INVALID_TAG = 0x1C000006
|
14
|
+
NCA_S_FAULT_INVALID_BOUND = 0x1C000007
|
15
|
+
NCA_RPC_VERSION_MISMATCH = 0x1C000008
|
16
|
+
NCA_UNSPEC_REJECT = 0x1C000009
|
17
|
+
NCA_S_BAD_ACTID = 0x1C00000A
|
18
|
+
NCA_WHO_ARE_YOU_FAILED = 0x1C00000B
|
19
|
+
NCA_MANAGER_NOT_ENTERED = 0x1C00000C
|
20
|
+
NCA_S_FAULT_CANCEL = 0x1C00000D
|
21
|
+
NCA_S_FAULT_ILL_INST = 0x1C00000E
|
22
|
+
NCA_S_FAULT_FP_ERROR = 0x1C00000F
|
23
|
+
NCA_S_FAULT_INT_OVERFLOW = 0x1C000010
|
24
|
+
NCA_S_FAULT_PIPE_EMPTY = 0x1C000014
|
25
|
+
NCA_S_FAULT_PIPE_CLOSED = 0x1C000015
|
26
|
+
NCA_S_FAULT_PIPE_ORDER = 0x1C000016
|
27
|
+
NCA_S_FAULT_PIPE_DISCIPLINE = 0x1C000017
|
28
|
+
NCA_S_FAULT_PIPE_COMM_ERROR = 0x1C000018
|
29
|
+
NCA_S_FAULT_PIPE_MEMORY = 0x1C000019
|
30
|
+
NCA_S_FAULT_CONTEXT_MISMATCH = 0x1C00001A
|
31
|
+
NCA_S_FAULT_REMOTE_NO_MEMORY = 0x1C00001B
|
32
|
+
NCA_INVALID_PRES_CONTEXT_ID = 0x1C00001C
|
33
|
+
NCA_UNSUPPORTED_AUTHN_LEVEL = 0x1C00001D
|
34
|
+
NCA_INVALID_CHECKSUM = 0x1C00001F
|
35
|
+
NCA_INVALID_CRC = 0x1C000020
|
36
|
+
NCS_S_FAULT_USER_DEFINED = 0x1C000021
|
37
|
+
NCA_S_FAULT_TX_OPEN_FAILED = 0x1C000022
|
38
|
+
NCA_S_FAULT_CODESET_CONV_ERROR = 0x1C000023
|
39
|
+
NCA_S_FAULT_OBJECT_NOT_FOUND = 0x1C000024
|
40
|
+
NCA_S_FAULT_NO_CLIENT_STUB = 0x1C000025
|
41
|
+
NCA_OP_RNG_ERROR = 0x1C010002
|
42
|
+
NCA_UNK_IF = 0x1C010003
|
43
|
+
NCA_WRONG_BOOT_TIME = 0x1C010006
|
44
|
+
NCA_S_YOU_CRASHED = 0x1C010009
|
45
|
+
NCA_PROTO_ERROR = 0x1C01000B
|
46
|
+
NCA_OUT_ARGS_TOO_BIG = 0x1C010013
|
47
|
+
NCA_SERVER_TOO_BUSY = 0x1C010014
|
48
|
+
NCA_UNSUPPORTED_TYPE = 0x1C010017
|
49
|
+
# Microsoft specific codes
|
50
|
+
E_NOTIMPL = 0x80004001
|
51
|
+
E_POINTER = 0x80004003
|
52
|
+
E_AOBRT = 0x80004004
|
53
|
+
E_UNEXPECTED = 0x8000FFFF
|
54
|
+
RPC_E_SERVERFAULT = 0x80010105
|
55
|
+
RPC_E_DISCONNECTED = 0x80010108
|
56
|
+
RPC_E_INVALID_IPID = 0x80010113
|
57
|
+
RPC_E_TIMEOUT = 0x8001011F
|
58
|
+
DISP_E_MEMBERNOTFOUND = 0x80020003
|
59
|
+
DISP_E_UNKNOWNNAME = 0x80020006
|
60
|
+
DISP_E_BADPARAMCOUNT = 0x8002000E
|
61
|
+
CBA_E_MALFORMED = 0x8004CB00
|
62
|
+
CBA_E_UNKNOWNOBJECT = 0x8004CB01
|
63
|
+
CBA_E_INVALIDID = 0x8004CB05
|
64
|
+
CBA_E_INVALIDCOOKIE = 0x8004CB09
|
65
|
+
CBA_E_QOSTYPEUNSUPPORTED = 0x8004CB0B
|
66
|
+
CBA_E_QOSVALUEUNSUPPORTED = 0x8004CB0C
|
67
|
+
CBA_E_NOTAPPLICABLE = 0x8004CB0F
|
68
|
+
CBA_E_LIMITVIOLATION = 0x8004CB12
|
69
|
+
CBA_E_QOSTYPENOTAPPLICABLE = 0x8004CB13
|
70
|
+
CBA_E_OUTOFPARTNERACCOS = 0x8004CB18
|
71
|
+
CBA_E_FLAGUNSUPPORTED = 0x8004CB1C
|
72
|
+
CBA_E_FRAMECOUNTUNSUPPORTED = 0x8004CB23
|
73
|
+
CBA_E_MODECHANGE = 0x8004CB25
|
74
|
+
E_OUTOFMEMORY = 0x8007000E
|
75
|
+
E_INVALIDARG = 0x80070057
|
76
|
+
RPC_S_PROCNUM_OUT_OF_RANGE = 0x800706D1
|
77
|
+
OR_INVALID_OXID = 0x80070776
|
78
|
+
|
79
|
+
def self.name(value)
|
80
|
+
constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
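Review bot: `def self.name(value)` replaces `Module#name` on `Status`, so any code that asks the module for its own name (`Status.name` with no argument) now raises ArgumentError. A different method name avoids this, as does `def self.name(value = nil)` with `return super() if value.nil?` as its first line. `E_AOBRT = 0x80004004` looks like a misspelling of `E_ABORT`; because constants are public API, the fix would add `E_ABORT` and keep the old name as an alias. The `select { |c| c.upcase == c }` filter runs on every lookup, and a frozen value-to-name hash built once would be simpler to read.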
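--- a/data/lib/ruby_smb/dcerpc/ndr.rb
+++ b/data/lib/ruby_smb/dcerpc/ndr.rb
@@ -312,29 +312,31 @@ module RubySMB::Dcerpc::Ndr
 def initialize_instance
 @read_until_index = 0
 @max_count = 0
+@max_count_set = false
 super
 end
 
 def insert(index, *objs)
 obj = super
-@max_count = length
+@max_count = length unless @max_count_set
 obj
 end
 
 def slice_index(index)
 obj = super
-@max_count = length
+@max_count = length unless @max_count_set
 obj
 end
 
 def []=(index, value)
 obj = super
-@max_count = length
+@max_count = length unless @max_count_set
 obj
 end
 
 def set_max_count(val)
 @max_count = @read_until_index = val
+@max_count_set = true
 end
 end
 
@@ -650,7 +652,7 @@ module RubySMB::Dcerpc::Ndr
 include ConstructedTypePlugin
 
 def should_process_max_count?
-# According to the NDR
+# According to the NDR definition for Structures Containing a Conformant
 # Array:
 #
 # "In the NDR representation of a structure that contains a
@@ -761,13 +763,13 @@ module RubySMB::Dcerpc::Ndr
 return (4 - (rel_offset % 4)) % 4
 end
 if obj.is_a?(ConfPlugin)
-# `max_count` should have been handled at the
+# `max_count` should have been handled at the beginning of the structure
 # already. We need to fix `rel_offset` since it includes the
 # `max_count` 4 bytes, plus the possible padding bytes needed to align
 # the structure. This is required because BinData Struct is not
-# aware of `max_count` and
+# aware of `max_count` and consider the first field to be the beginning
 # of the structure instead. We have to make sure the alignment is
-# calculated from the
+# calculated from the beginning of the structure.
 align = eval_parameter(:byte_align)
 pad_length = (align - (4 % align)) % align
 rel_offset += (4 + pad_length)
@@ -776,7 +778,7 @@ module RubySMB::Dcerpc::Ndr
 # (not Varying). The size information (max_count) has been place in
 # from of the structure and no other size information is present before
 # the actual elements of the array. Therefore, the alignment must be
-# done
+# done according to the rules of the elements. Since a NdrArray has its
 # default :byte_align value set to 4 (:max_count size), we have to make
 # sure the element size is used instead.
 unless obj.is_a?(VarPlugin)
@@ -838,6 +840,10 @@ module RubySMB::Dcerpc::Ndr
 end
 end
 
+#
+# [Unions](https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_08)
+#
+
 # TODO: Unions
 # TODO: Pipes
 
@@ -1207,6 +1213,11 @@ module RubySMB::Dcerpc::Ndr
 extend PointerClassPlugin
 end
 
+class NdrUint16ArrayPtr < NdrConfVarArray
+default_parameters type: :ndr_uint16
+extend PointerClassPlugin
+end
+
 class NdrFileTimePtr < NdrFileTime
 extend PointerClassPlugin
 end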
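Review bot: Once `set_max_count` has run, `@max_count_set` stays true for the life of the object, so `insert`, `slice_index` and `[]=` in the first hunk never refresh `@max_count` again, and an array that later grows past the stored value would be written with a `max_count` smaller than its element count. If `set_max_count` is also what the read path calls (not visible here), a parsed array that is modified and re-serialized hits exactly this case. Raising the stored value when needed would cover it, e.g. `@max_count = length if !@max_count_set || length > @max_count`. The flag also deserves a comment such as `# true once max_count has been pinned explicitly`.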
@@ -60,16 +60,21 @@ module RubySMB
|
|
60
60
|
string :default
|
61
61
|
end
|
62
62
|
choice 'Samr', selection: -> { opnum } do
|
63
|
-
samr_connect_request
|
64
|
-
samr_lookup_domain_in_sam_server_request
|
65
|
-
samr_open_domain_request
|
66
|
-
samr_enumerate_users_in_domain_request
|
67
|
-
samr_rid_to_sid_request
|
68
|
-
samr_close_handle_request
|
69
|
-
samr_get_alias_membership_request
|
70
|
-
samr_open_user_request
|
71
|
-
samr_get_groups_for_user_request
|
72
|
-
|
63
|
+
samr_connect_request Samr::SAMR_CONNECT
|
64
|
+
samr_lookup_domain_in_sam_server_request Samr::SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER
|
65
|
+
samr_open_domain_request Samr::SAMR_OPEN_DOMAIN
|
66
|
+
samr_enumerate_users_in_domain_request Samr::SAMR_ENUMERATE_USERS_IN_DOMAIN
|
67
|
+
samr_rid_to_sid_request Samr::SAMR_RID_TO_SID
|
68
|
+
samr_close_handle_request Samr::SAMR_CLOSE_HANDLE
|
69
|
+
samr_get_alias_membership_request Samr::SAMR_GET_ALIAS_MEMBERSHIP
|
70
|
+
samr_open_user_request Samr::SAMR_OPEN_USER
|
71
|
+
samr_get_groups_for_user_request Samr::SAMR_GET_GROUPS_FOR_USER
|
72
|
+
samr_enumerate_domains_in_sam_server_request Samr::SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER
|
73
|
+
samr_lookup_names_in_domain_request Samr::SAMR_LOOKUP_NAMES_IN_DOMAIN
|
74
|
+
samr_create_user2_in_domain_request Samr::SAMR_CREATE_USER2_IN_DOMAIN
|
75
|
+
samr_set_information_user2_request Samr::SAMR_SET_INFORMATION_USER2
|
76
|
+
samr_delete_user_request Samr::SAMR_DELETE_USER
|
77
|
+
string :default
|
73
78
|
end
|
74
79
|
choice 'Wkssvc', selection: -> { opnum } do
|
75
80
|
netr_wksta_get_info_request Wkssvc::NETR_WKSTA_GET_INFO
|
@@ -85,7 +90,12 @@ module RubySMB
|
|
85
90
|
drs_domain_controller_info_request Drsr::DRS_DOMAIN_CONTROLLER_INFO
|
86
91
|
drs_crack_names_request Drsr::DRS_CRACK_NAMES
|
87
92
|
drs_get_nc_changes_request Drsr::DRS_GET_NC_CHANGES
|
88
|
-
string
|
93
|
+
string :default
|
94
|
+
end
|
95
|
+
choice 'Dfsnm', selection: -> { opnum } do
|
96
|
+
netr_dfs_add_std_root_request Dfsnm::NETR_DFS_ADD_STD_ROOT
|
97
|
+
netr_dfs_remove_std_root_request Dfsnm::NETR_DFS_REMOVE_STD_ROOT
|
98
|
+
string :default
|
89
99
|
end
|
90
100
|
string :default
|
91
101
|
end
|
@@ -109,6 +109,11 @@ module RubySMB
|
|
109
109
|
end
|
110
110
|
end
|
111
111
|
|
112
|
+
class RpcUnicodeStringConfVarArray < Ndr::NdrConfVarArray
|
113
|
+
extend Ndr::ArrayClassPlugin
|
114
|
+
default_parameters type: :rpc_unicode_string
|
115
|
+
end
|
116
|
+
|
112
117
|
# A pointer to a RPC_UNICODE_STRING structure
|
113
118
|
class PrpcUnicodeString < RpcUnicodeString
|
114
119
|
extend Ndr::PointerClassPlugin
|
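Review bot: `RpcUnicodeStringConfVarArray` is added without a comment, while the neighbouring `PrpcUnicodeString` carries one; a line such as `# A conformant varying array of RPC_UNICODE_STRING structures` above the class would match the file's style. The enclosing module starts and ends outside the hunk.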
@@ -0,0 +1,24 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Samr
|
4
|
+
|
5
|
+
# [3.1.5.4.4 SamrCreateUser2InDomain (Opnum 50)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a98d7fbb-1735-4fbf-b41a-ef363c899002)
|
6
|
+
class SamrCreateUser2InDomainRequest < BinData::Record
|
7
|
+
attr_reader :opnum
|
8
|
+
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
sampr_handle :domain_handle
|
12
|
+
rpc_unicode_string :name
|
13
|
+
ndr_uint32 :account_type
|
14
|
+
ndr_uint32 :desired_access
|
15
|
+
|
16
|
+
def initialize_instance
|
17
|
+
super
|
18
|
+
@opnum = SAMR_CREATE_USER2_IN_DOMAIN
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Samr
|
4
|
+
|
5
|
+
# [3.1.5.4.4 SamrCreateUser2InDomain (Opnum 50)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a98d7fbb-1735-4fbf-b41a-ef363c899002)
|
6
|
+
class SamrCreateUser2InDomainResponse < BinData::Record
|
7
|
+
attr_reader :opnum
|
8
|
+
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
sampr_handle :user_handle
|
12
|
+
ndr_uint32 :granted_access
|
13
|
+
ndr_uint32 :relative_id
|
14
|
+
ndr_uint32 :error_status
|
15
|
+
|
16
|
+
def initialize_instance
|
17
|
+
super
|
18
|
+
@opnum = SAMR_CREATE_USER2_IN_DOMAIN
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|